Westboro, Northboro Verizon service hit by attack

Since March 3 — and perhaps as far back as Feb. 26 — Verizon customers in Westboro and Northboro had been experiencing regular and constant interruptions to their Internet and phone service.

Dozens of Westboro residents have discussed the service outages on Facebook (and offer sharp-tongued critiques of Verizon's response), and six have filed complaints with the state Office of Consumer Affairs and Business Regulation.

The disruptions, according to Verizon spokesman Philip G. Santoro, were caused by repeated cyberattacks on one residential customer in Westboro.

The cyberattack is called a dynamic denial of service, a DDOS or DOS. In an email, Mr. Santoro described the attack thusly: "Someone deliberately flooded that customer with an overwhelming amount of traffic that rendered their Internet service inoperable."

"When that happened, it caused Internet service to periodically slow down for other customers in Westborough," he wrote. "We are working to restore service to normal as soon as possible. DOS attacks are all too common today among customers of all Internet providers. It's important to remind Internet users to keep their firewalls operating and to keep their security software current."

Interestingly, though, when I first asked Mr. Santoro about this, he said there were no widespread outages reported.

I think that is because there was nothing physically wrong with the FiOS lines — no technical problems, no trees on the line, etc. At Verizon, the lines were all reported to be working as normal. But customers were calling in complaints and opening repair tickets left and right.

The state logs the complaints and passes them on to the service provider, in this case Verizon, said Jayda Leder-Luis, communications coordinator for the Office of Consumer Affairs and Business Regulation.

"DOS is a cybersecurity issue, one that can affect voice services that rely on access to the Internet (like VOIP)," she wrote in an email, referring to Voice Over Internet Protocol, in which phone service is provided through an Internet connection. "Those were the kinds of complaints we were receiving."

For dozens of residential and business customers in Westboro and Northboro, the interruptions were frustrating.

"It happened around 3 o'clock, every day," said Allen Falcon, chief executive officer for Cumulus Global, a cloud computing company in Westboro. "Sometimes it was a few minutes, sometimes 45 minutes to an hour." A few times, the interruptions occurred in the morning, just after 9 a.m., he said.

Since the company's phone service and Internet connection runs through a FiOS line provided by Verizon, when the FiOS line goes out, customers lose both phone and Internet.

"For us, it's incredibly embarrassing as a technology company, to lose our service like this," he said. "We're talking to someone and the phone lines goes down, the Internet goes down."

The company has workarounds, in which the office can switch its Internet and phone service to a 4G service provided by their cellphones.

"But it's slower performing and more expensive," he said. "Some days, around 3 p.m., we have to consider, 'Should we switch, just in case?' "

Several customers reported that Verizon had a lot of trouble pinpointing the cause of the interruptions, and several of them had Verizon technicians visit their homes and replace their routers. Since the cause was later determined to be this DOS cyberattack, replacing their routers looks like, in hindsight, a waste of time and money.

Steve Winer, a Westboro resident, said Verizon installed a new router at his home, but it made no difference. The outages continued.

"I am just wondering how much time and money was wasted on this," he wrote in an email. "I know I spent at least a couple of hours on the phone, and others shared similar stories. But, if you add up all the shipped routers and unnecessary service calls, along with the time both of us customers and (Verizon) personnel, I am sure it really adds up, and could have been avoided if someone had simply put two and two together and posted a chronic outage which began in February."

On Tuesday, Verizon apparently pinpointed the exact Internet Protocol address of the Verizon customer being attacked, and shut down the customer's FiOS service. The slowdowns and service interruptions have stopped.